Commit Graph

14 Commits

Author SHA1 Message Date
Régis Hanol 60ec483caa FIX: include title in local onebox when linking to a different topic 2018-02-19 22:40:14 +01:00
Sam f028ffaf29 SECURITY: correct local onebox category checks
Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
Sam 41986cdb2f Refactor requires login logic, reduce duplicate code
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
2018-02-01 15:17:59 +11:00
Sam f2e7b74d88 FIX: don't return 200s when login is required to paths
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
2018-02-01 12:26:45 +11:00
Sam e0e99d4bbd PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-24 15:31:40 +11:00
Sam d43a54e83a FIX: use current_user.id in onebox instead of param 2017-11-23 15:32:19 +11:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Robin Ward 2ff850d446 FIX: If forcing a refresh, don't return a onebox preview 2017-06-12 14:05:59 -04:00
Sam Saffron 0013a23dc1 SECURITY: prefer render plain/html to render text where possible 2017-04-10 08:01:42 -04:00
Régis Hanol 52cd9972bb FIX: prevent DDoS with lots of _oneboxable_ links
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Robin Ward ee5213be5f Fixes regression with video embeds 2013-03-21 20:53:12 -04:00
Robin Ward babcfe6234 Cache oneboxes in Redis now instead of postgres. 2013-03-21 13:11:54 -04:00
Robin Ward e4277757c4 Fix onebox loading on every keystroke after a request fails. 2013-03-05 14:06:39 -05:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00